On 03/05/2010, at 9:16 PM, Daniel Troeder wrote:

> I haven't set this up on gentoo, only on debian-server with
> ubuntu-clients...
>
> Does NSS work already? Do you see the LDAP users/group after the
> passwd-users when you run
> $ getent passwd
> $ getent group
>

Both show the correct user and group as defined in the LDAP attributes

passwd
william:*:10000:10000:William Brown,,,,:/home/william:/bin/bash

and group
login:*:20000:william

> Assuming you have configured /etc/nsswitch.conf:
> passwd: compat ldap
> group: compat ldap
> shadow: compat ldap
> ("files ldap" is OK too.)
>
> As long as that does not work, it doesn't make sense to continue to PAM.
>
> Is the password in /etc/ldap.secret OK? Mode should be 400. Try to see
> if the password for cn=Manager,dc=chocolate,dc=lan in there does have
> possibly problematic characters.

The password is in there, and it does bind successfully (I accidentally posted the wrong output from slapd; I have been documenting my successes / failures to try and piece this together)

slapd starting
conn=0 fd=10 ACCEPT from IP=127.0.0.1:39936 (IP=0.0.0.0:389)
conn=0 op=0 BIND dn="cn=Manager,dc=chocolate,dc=lan" method=128
conn=0 op=0 BIND dn="cn=Manager,dc=chocolate,dc=lan" mech=SIMPLE ssf=0
conn=0 op=0 RESULT tag=97 err=0 text=
connection_input: conn=0 deferring operation: binding
conn=0 op=1 SRCH base="ou=Admin,dc=chocolate,dc=lan" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=william))"
conn=0 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass shadowLastChange shadowMax shadowExpire
conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=1 fd=13 ACCEPT from IP=127.0.0.1:23394 (IP=0.0.0.0:389)
conn=1 op=0 BIND dn="cn=Manager,dc=chocolate,dc=lan" method=128
conn=1 op=0 BIND dn="cn=Manager,dc=chocolate,dc=lan" mech=SIMPLE ssf=0
conn=1 op=0 RESULT tag=97 err=0 text=
connection_input: conn=1 deferring operation: binding
conn=1 op=1 SRCH base="ou=Admin,dc=chocolate,dc=lan" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=william))"
conn=1 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass shadowLastChange shadowMax shadowExpire
conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=1 op=2 SRCH base="ou=Admin,dc=chocolate,dc=lan" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=william))"
conn=1 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass shadowLastChange shadowMax shadowExpire
conn=1 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=1 fd=13 closed (connection lost)
conn=2 fd=13 ACCEPT from IP=127.0.0.1:38351 (IP=0.0.0.0:389)
conn=2 op=0 BIND dn="cn=Manager,dc=chocolate,dc=lan" method=128
conn=2 op=0 BIND dn="cn=Manager,dc=chocolate,dc=lan" mech=SIMPLE ssf=0
conn=2 op=0 RESULT tag=97 err=0 text=
connection_input: conn=2 deferring operation: binding
conn=2 op=1 SRCH base="ou=Admin,dc=chocolate,dc=lan" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=william))"
conn=2 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass shadowLastChange shadowMax shadowExpire
conn=2 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=2 op=2 SRCH base="ou=Admin,dc=chocolate,dc=lan" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=william))"
conn=2 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass shadowLastChange shadowMax shadowExpire
conn=2 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=

>
> I need to use nscd on the clients.
>
> BTW: I use MDS/MMC (http://mds.mandriva.org/) on all debian servers for
> User/Samba/DNS/DHCP/Mail management with LDAP. It's really good.

I'll take a look at it, thank you for the hint.

>
> The trickiest part of setting up LDAP-clients is always PAM :(
> Fortunately for debian/ubuntu there are good guides. If you find out how
> to do it with gentoo, that info would be appreciated (gentoo-wiki?).

I agree, and I most likely will do a write-up if I get it to work happily

>
> Good luck,
> Daniel
>
> --
> PGP key @ http://pgpkeys.pca.dfn.de/pks/lookup?search=0xBB9D4887&op=get
> # gpg --recv-keys --keyserver hkp://subkeys.pgp.net 0xBB9D4887
>

William
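An added example, not part of William's or Daniel's mail: a small parser for slapd "stats" log output of the kind quoted above, followed by an audit of what such a log reveals about the NSS/PAM client. The sample lines are copied from the first two connections in the log above; the rootdn value handed to audit() is the one visible there, and the finding codes, helper names and messages are my own (Python 3.8+ for the walrus operator). What the log itself shows is worth reading before the code: every connection is a SIMPLE bind as cn=Manager,dc=chocolate,dc=lan with ssf=0, that is, no TLS or SASL security layer, and every lookup asks the server for userPassword. Over 127.0.0.1 that stays on the host, but the same client configuration pointed at a remote server would carry the rootdn password and the password hashes in clear unless TLS is enabled (for nss_ldap/pam_ldap that is the `ssl start_tls` setting in their ldap.conf), and a dedicated read-only bind DN in /etc/ldap.secret is far less to lose than the rootdn.

```python
"""Parse slapd loglevel "stats" lines and flag what matters for an LDAP client.

Added example, not code from the thread.  SAMPLE_LOG is copied from the slapd
output in the mail; everything else (names, finding codes, messages) is mine.
"""
import re

# Constructed sample: the first two connections from the slapd output in the mail.
SAMPLE_LOG = """\
conn=0 fd=10 ACCEPT from IP=127.0.0.1:39936 (IP=0.0.0.0:389)
conn=0 op=0 BIND dn="cn=Manager,dc=chocolate,dc=lan" method=128
conn=0 op=0 BIND dn="cn=Manager,dc=chocolate,dc=lan" mech=SIMPLE ssf=0
conn=0 op=0 RESULT tag=97 err=0 text=
connection_input: conn=0 deferring operation: binding
conn=0 op=1 SRCH base="ou=Admin,dc=chocolate,dc=lan" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=william))"
conn=0 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass shadowLastChange shadowMax shadowExpire
conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=1 fd=13 ACCEPT from IP=127.0.0.1:23394 (IP=0.0.0.0:389)
conn=1 op=0 BIND dn="cn=Manager,dc=chocolate,dc=lan" method=128
conn=1 op=0 BIND dn="cn=Manager,dc=chocolate,dc=lan" mech=SIMPLE ssf=0
conn=1 op=0 RESULT tag=97 err=0 text=
conn=1 op=1 SRCH base="ou=Admin,dc=chocolate,dc=lan" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=william))"
conn=1 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass shadowLastChange shadowMax shadowExpire
conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=1 fd=13 closed (connection lost)
"""

RE_ACCEPT = re.compile(r'^conn=(\d+) fd=\d+ ACCEPT from IP=(\S+) ')
RE_BIND = re.compile(r'^conn=(\d+) op=(\d+) BIND dn="([^"]*)" mech=(\S+) ssf=(\d+)')
RE_RESULT = re.compile(r'^conn=(\d+) op=(\d+) RESULT tag=\d+ err=(\d+)')
RE_SRCH = re.compile(r'^conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=(\d+) deref=\d+ filter="([^"]*)"')
RE_ATTRS = re.compile(r'^conn=(\d+) op=(\d+) SRCH attr=(.*)$')
RE_SRES = re.compile(r'^conn=(\d+) op=(\d+) SEARCH RESULT tag=\d+ err=(\d+) nentries=(\d+)')
RE_CLOSED = re.compile(r'^conn=(\d+) fd=\d+ closed(?: \((.*)\))?')


def _new_search():
    return {"base": None, "scope": None, "filter": None, "attrs": [], "err": None, "nentries": None}


def parse_slapd_log(text):
    """Group stats-level slapd lines by connection number."""
    conns = {}

    def conn(n):
        return conns.setdefault(int(n), {"peer": None, "binds": [], "searches": {}, "closed": None})

    for line in text.splitlines():
        line = line.strip()
        if m := RE_ACCEPT.match(line):
            conn(m[1])["peer"] = m[2]
        elif m := RE_BIND.match(line):  # the "mech=... ssf=..." line, not the "method=128" one
            conn(m[1])["binds"].append(
                {"op": int(m[2]), "dn": m[3], "mech": m[4], "ssf": int(m[5]), "err": None})
        elif m := RE_RESULT.match(line):  # a plain RESULT belongs to the BIND with the same op
            for b in conn(m[1])["binds"]:
                if b["op"] == int(m[2]):
                    b["err"] = int(m[3])
        elif m := RE_SRCH.match(line):
            s = conn(m[1])["searches"].setdefault(int(m[2]), _new_search())
            s.update(base=m[3], scope=int(m[4]), filter=m[5])
        elif m := RE_ATTRS.match(line):
            s = conn(m[1])["searches"].setdefault(int(m[2]), _new_search())
            s["attrs"] = m[3].split()
        elif m := RE_SRES.match(line):
            s = conn(m[1])["searches"].setdefault(int(m[2]), _new_search())
            s.update(err=int(m[3]), nentries=int(m[4]))
        elif m := RE_CLOSED.match(line):
            conn(m[1])["closed"] = m[2] or "closed"
    return conns


def audit(conns, rootdn):
    """Return (conn, code, message) findings.  The DN comparison is a simplified
    case-insensitive string match, not full RFC 4514 normalisation."""
    findings = []
    for n, c in sorted(conns.items()):
        for b in c["binds"]:
            if b["err"] == 0 and b["ssf"] == 0:
                findings.append((n, "CLEARTEXT_BIND",
                                 f"{b['mech']} bind as {b['dn']} from {c['peer']} with ssf=0: "
                                 "no TLS/SASL layer, so the bind password went over the wire in clear"))
            if b["dn"].lower() == rootdn.lower():
                findings.append((n, "ROOTDN_BIND",
                                 f"client binds as the rootdn {b['dn']}; that password then has "
                                 "to live on every client (e.g. in /etc/ldap.secret)"))
        for op, s in sorted(c["searches"].items()):
            if "userPassword" in s["attrs"]:
                findings.append((n, "PASSWORD_ATTR",
                                 f"op={op} requests userPassword for filter {s['filter']}: "
                                 "password hashes are returned to the client"))
            if s["err"] == 0 and s["nentries"] == 0:
                findings.append((n, "NO_ENTRY",
                                 f"op={op} matched nothing under {s['base']}: check base and filter"))
        if c["closed"] and "lost" in c["closed"]:
            findings.append((n, "CONN_LOST",
                             "socket closed by the peer rather than by an UNBIND"))
    return findings


if __name__ == "__main__":
    for n, code, msg in audit(parse_slapd_log(SAMPLE_LOG), "cn=Manager,dc=chocolate,dc=lan"):
        print(f"conn={n} {code}: {msg}")
```

Run it against a real slapd log (loglevel stats, or "256") after a failed login and the NO_ENTRY case is the usual first thing to look for: a bind that succeeds followed by a search with nentries=0 means the client's base or filter does not match where the posixAccount entries live, which NSS alone does not make obvious.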